For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
  • Getting Started
    • Introduction
    • How Verifa Works
    • Quickstart
    • Choosing an Integration Method
  • Use Cases
    • KYC Onboarding
    • Age Verification
    • AML Compliance
    • Fraud Prevention
    • Marketplace Trust & Safety
  • Core Concepts
    • Overview
    • Sessions
    • Verifications & Checks
    • Workflows
    • Identities
    • Cases
    • Screening & Reports
    • Lists
  • Integration Guides
    • Overview
    • JavaScript SDK
    • Web Capture Flow
    • API-Only Integration
    • Mobile SDK
    • Webhooks Guide
    • MCP Server
    • Migrating from Persona
  • API Details
    • Overview
    • Authentication
    • Pagination
    • Rate Limiting
    • Versioning
    • Errors
    • Webhooks
    • Idempotency
    • Key Inflection
    • Data Access
    • Data Retention
  • Tutorials
    • Creating Your First Verification Session
    • Creating a Workflow
    • Receiving Webhooks & Validating Signatures
    • Handling Webhook Events
    • Custom Document Types & AI Extraction
  • Best Practices
    • Testing
    • Preventing Duplicates
    • Fraud Signals
    • Changelog
  • API Reference
      • GETGet SDK configuration for a capture session
      • GETGet a device attestation challenge
      • POSTSubmit a device attestation
      • POSTSubmit NFC chip data
      • GETGet CSCA certificate bundle
API ReferenceSDK

Submit a device attestation

POST
https://devapi.withverifa.com/api/v1/sdk/attest
POST
/api/v1/sdk/attest
$curl -X POST https://devapi.withverifa.com/api/v1/sdk/attest \
>     -H "X-API-Key: <apiKey>" \
>     -H "Content-Type: application/json" \
>     -d '{
>  "token": "vk_live_1234567890abcdef",
>  "platform": "ios",
>  "attestation_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdHRlc3RhdGlvbiI6eyJpZCI6IjEyMzQ1NiJ9fQ.SGVsbG8gV29ybGQ=",
>  "challenge": "a1b2c3d4e5f67890"
>}'
1{
2  "status": "not_verified",
3  "reason": "Challenge consumed, attestation verification not yet implemented",
4  "platform": "ios"
5}

Accepts a device attestation submission from the mobile SDK. The server validates the one-time challenge. Server-side Apple App Attest / Google Play Integrity verification is not yet implemented — the endpoint currently returns status: "not_verified" after consuming the challenge.

Authenticated by capture session token in the request body.

Was this page helpful?
Previous

Submit NFC chip data

Next
Built with

Authentication

X-API-Keystring

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Headers

Verifa-VersiondateOptional

API version date string (e.g. 2026-02-01). If omitted, the version pinned to your API key is used.

Request

This endpoint expects an object.
tokenstringRequired
Capture session token.
platformenumRequired
Allowed values:
attestation_tokenstringRequired
challengestringRequired

Response

Attestation processed.
statusstring
reasonstring
platformstring

Errors

400
Bad Request Error
422
Unprocessable Entity Error